Microsoft Releases SDL Docs With Creative Commons License

In the last several years, for the most part, Microsoft "got" the importance of security and took it to heart. One of the main points they got was that it was in their interest for all the software running on Windows systems (the Windows "ecosystem") to be secure, so they have been increasingly less proprietary about their security methods and mechanisms.

A couple of years ago Microsoft opened up the SDL to other organizations through documentation and tools, and The Security Development Lifecycle by Michael Howard and Steve Lipner is a well-regarded guide to secure programming by 2 experts at Microsoft. But other development shops were constrained in their use of the SDL: the old license did not allow reproduction, inclusion or transfer of any part of the documentation or process without express written consent from Microsoft.

David Ladd, Principal Security Program Manager at Microsoft, said "Under the previous copyright, SDL materials were under an exclusive Microsoft license. With this more flexible copyright model, developers can now copy, distribute and transmit SDL documentation to others in the industry, which they were unable to do before. Microsoft hopes this more open licensing will encourage developers to build upon the SDL and incorporate security and privacy throughout software development lifecycle."

The new license will use Attribution, Non-Commercial, Share Alike (CC BY-NC-SA) terms. This means that users must attribute the work to Microsoft, not use it for commercial purposes (i.e. resell it), and if they make and distribute any changes they must do so under the same or a similar license.

Brad Arkin, Senior Director, Product Security & Privacy for Adobe Systems, called the move "very cool & useful esp. for small orgs!" (obviously on Twitter, the man can write better than that unconstrained). Larger organizations, like Adobe themselves, may be able to deal with the hassle of the old SDL licensing, but it's in everyone's interest, including Microsoft, that everyone have more secure code. Well, it's in the interest of everyone who has any business having an interest in it.
